Vulnerability Assessment Analyst
- Full-Time
The Vulnerability Management Team member will provide technical support to the DoD Vulnerability Disclosure Program (VDP). These activities directly support the mission to improve defense of the DoD Information Network (DoDIN), by receiving, validating, and disseminating cybersecurity vulnerabilities reported by private-sector researchers. The VDP team tracks and analyzes reported vulnerabilities and mitigation actions by systems owners to identify gaps in DoDIn defenses; areas requiring increased attention, and areas for improvement.
This position performs technical validation and initial severity assessment of externally-reported web security vulnerabilities
Alliant LCAT Description: Possesses and applies expertise on multiple complex work assignments. Assignments may be broad in nature, requiring originality and innovation in determining how to accomplish tasks. Operates with appreciable latitude in developing methodology and presenting solutions to problems. Contributes to deliverables and performance metrics where applicable.
Suggested Qualifications: 13 years of professional experience without a degree; or 5 years of professional experience with a Bachelors degree from an accredited college in a related discipline, or equivalent experience/combined education; or 3 years of professional experience with a related Masters degree; or no experience required with a related PhD or JD. Consideration should always be given for the level of specific domain expertise.
- Expert technical understanding of software and web application security and common vulnerabilities (CWE, CVE)
- Demonstrated technical ability to validate web vulnerabilities on live DoD web properties using manual techniques and common tools
- Demonstrated ability to recognize, interpret, and communicate in information assurance vulnerability management (IAVM), Risk Management Framework (RMF), and security technical implementation guides (STIGs)
- Demonstrated knowledge of various software testing methodologies, test case creation and the reporting process
- Knowledge of current DoD cyber security challenges and threats
- Knowledge of common web application architecture and programming techniques, including common languages (e.g., JavaScript, PHP, SQL)
- Familiar with Layer 2/3 network and security appliance capabilities; familiar with TCP/IP protocol stack
- Strong verbal and written communication skills; ability to provide expert review of accurate and timely technical reports for release to external customers
- Flexibility to adapt to dynamic work environment to meet organizational requirements
- Ability to use sound judgement when conducting live testing to avoid or minimize impact to production services and data
- Superior organizational skills to analyze, develop, and deliver detailed reports to meet short suspense windows
- Aware of industry trends; IoT, ICS/SCADA, containerization technologies, Dev-Sec-Ops
- Certifications (any): CEH, GCIH, Security+, CCNA Cyber Ops, GWAPT, GPEN, OSCP, OSWE
Desired Qualifications:
- Certifications (any): CEH, GCIH, Security+, CCNA Cyber Ops, GWAPT, GPEN, OSCP, OSWE
- Strong attention to detail and ability to prepare documents for customer review
Clearance:
- Secret
Defense Engineering, Inc. is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
Address
Defense Engineering, Inc.
Linthicum Heights, MDGet fresh Vulnerability Assessment Analyst jobs daily straight to your inbox!
By clicking the button above, I agree to the ZipRecruiter Terms of Use and acknowledge I have read the Privacy Policy, and agree to receive email job alerts.
You Already Have an Account
We're sending an email you can use to verify and access your account.
If you know your password, you can go to the sign in page.